Announcement

**DeadManWalks** · May 10, 2012, 06:22 AM

Re: SSO - Single Sign On

sort of. We never got around to setting up kerbos so we did a cheap and dirty way. On the emulator side, we changed the settings to be "use windows settings" and auto connect, and by pass. The iseries has a system value which lets users by pass the sign on if the passed in creds are correct.

This gave the users a feeling of SSO. They opened an emulator session and it went straight to their first menu/application. Of course this only works if the user ids on the domain are the same on the iseries, along with the passwords.

**fraydey** · May 17, 2012, 08:35 AM

Re: SSO - Single Sign On

I'm using different user ID’s on AS400 & Network side.

**DeadManWalks** · May 17, 2012, 09:12 AM

Re: SSO - Single Sign On

well its kerbose for you then. Best of luck.

**sms_mitschs** · May 22, 2012, 09:10 AM

Re: SSO - Single Sign On

Hi frayday,
we are using SSO with EIM since V5R4 (actually V 6.1) successfully to authenticate users against MS-AD using Kerberos.

Not that complicated at all ... and there are a lot of redbooks available ...

Works like a charm since over two years for three systems in three countries with automatc registration of new users in EIM using the neccessary APIs.

So if there is any need for additional information, please ask

)

Greets from Germany
Sven

**fraydey** · May 23, 2012, 02:15 PM

Re: SSO - Single Sign On

Danke sch�n Sven

I'm in the middle of reading "Windows-based SSO & the EIM Framework".
It is a lecture (redbook) for long Winter nights and we are on the beggining of the Summer.
I was thinking that it is a little bit shorter & simlper way to set it up.

Thanks for your help

**sms_mitschs** · May 23, 2012, 02:50 PM

Re: SSO - Single Sign On

... LOL ... sure that is the cause why our system runs since 2.5 years .... i just read the books in winter ... but it is not that complicated.

To give you further help I need a bit mor information regarding your infrastructure:
- What windows environment are you using (Active Directory? ... thats the best basis)
- What version of i/OS are you using?
- Do you use time servers for synchronizing system times of clients, servers IBM box(es) ... this is essential!
- do the users in the windows environment authenticate against AD?
- do you have domain admin and qsecofr authority?

If you answer thes questions I will prepare some guide for you ;-)

Greets

**fraydey** · May 24, 2012, 02:25 PM

Re: SSO - Single Sign On

Sven

Below I posted more info and answers for your questions.

- What windows environment are you using (Active Directory? ... thats the best basis)
2003 servers with 2008 AD schema

- What version of i/OS are you using?
V6R1M1 (LIC) V6R1M0 (OS)

- Do you use time servers for synchronizing system times of clients, servers IBM box(es) ... this is essential!
All clients sync time to domain controllers except AS400 LPAR

- do the users in the windows environment authenticate against AD?
Yes

- do you have domain admin and qsecofr authority?
Yes

Any help is greatly appreciated.

Thanks

Fraydey

**sms_mitschs** · May 25, 2012, 03:32 AM

Re: SSO - Single Sign On

Hi Fraydey,
here is the shortest HowTo I found in my crap

... It was a series of articles found on itjungle.com ...

This howto is straight forward in gettin SSO and EIM up and running and was my major source to get our system ready for SSO ... for your convenience I copied the essential stuff together to a pdf.

Attached Files

SSO EIM HowTo.pdf (92.9 KB, 1292 views)

**fraydey** · May 25, 2012, 07:26 AM

Re: SSO - Single Sign On

Thanks a lot Sven

This is great help

Announcement

SSO - Single Sign On

SSO - Single Sign On

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment